
RV042, RV082 VPN speed

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Mike Breeden, Mar 7, 2007.

  1. Mike Breeden

    Mike Breeden LI Guru Member

    Here are a couple of issues/questions. I hope someone might have an idea for me.

    I have a couple of RV042 VPN routers. I created a VPN tunnel between them with high encryption and they were painfully slow. I set encryption to minimum (DES) and they were still rather slow, on the order of 5% of a wired network. I need better speed. I get the impression that the problem is the encryption, which is going to be limited by the processor (I think).
    I understand that the RV082 has a processor that runs at twice the speed of the RV042. Would this increase the speed of my VPN significantly?
    Can you suggest any other way to increase the speed of my VPN?

    Let me see if I can figure out this configuration.....
    The LAN is in Bldg 1... The clients in Bldg 2. Fixed IP connection to the internet in each building.
    Since it is the processor that limits the speed (I think) I should be able to use a Quick VPN on the client machine. That takes the encryption processing off the Router in Bldg 2. Since the LAN is behind the RV042 Router in Bldg 1, that router would have to be the VPN endpoint (since its address is exposed to the internet). Would setting it up this way speed things up any?

    Let me think. Could I get the QuickConnect VPN passed through the router to a PC acting as the other end of the VPN? (If message from IP *.*.*.*, forward it through to IP address 192.168.0.*)

    As a further minor point, after going to all the hassle of configuring the RV042s, there was still a glitch. Some web sites would not download. Some would not download completely. Linksys tech support was actually very helpful. They were on the routers remotely for near an hour, told me they were defective and were willing to replace them. I'm waiting for them to show up.

    This was sort of posted before, so to answer the responses I got then:
    1. netbios traffic is NOT enabled in the tunnel.
    2. Per the last suggestion, I did set up a wireless bridge using 2 Buffalo WHR-HO-54G units. Window to window at about 200 feet it worked very well. Problem is that as far as I know (waiting on call from tech support right now) in Bridge Mode, it can only use WEP encryption. My boss asked about security so I checked on the web and I find that WEP 128 can be cracked in on the order of 3 minutes. Hmmmmm. Definite downside. I am going to tell him that the only way he can expect any security is to turn off both units when not in use. We do Pacific Rim manufacturing and trading. It is possible that our information would be desirable to a certain group known for illicitly acquiring business information.

    Anywho, any suggestions about this would be appreciated. Speed, I want speed.

    Thank you much, Mike Breeden
     
  2. Toxic

    Toxic Administrator Staff Member

    firstly what is your upstream to the internet on each end of the VPN tunnel?
     
  3. sirsquishy

    sirsquishy LI Guru Member

    Your ISP will have an Upstream and Downstream.

    DSL typical is 1.5Megs down 768k Up
    Cable is 7-9Megs down, 252k Up


    Your VPN will ONLY connect at 3/4 of your Upload speed, and that will be your total Throughput on the VPN. The only way to increase it is to increase your ISP's upstream.


    On the WEP thing, the best thing to do for Wireless security is to use MAC address filtering on the WAPs, disable DHCP (use Static IP addresses) and get a VLAN control unit that will detect unauthed MACs and force them into a VLAN that goes nowhere :). Oh, and turn off the SSIDs.
     
  4. Toxic

    Toxic Administrator Staff Member

  5. Mike Breeden

    Mike Breeden LI Guru Member

    Wap2

    Greetings Simon,
    That is good advice, but if this unit is configured as a WDS, Bridge and Access Point, only WEP is available. So I added MAC Address filtering.... Uh, what's your opinion of that combination?
    As far as I know there are no alternate machines available for this task.
    Thanks, Mike Breeden
     
  6. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    What is your benchmarked speed? Testing your broadband connection at each site...focus on the upload of each site...that will be the max speed of the VPN tunnel in that direction (minus some overhead).

    I think the 082 and 016 router can pump out 90 megs VPN throughput at triple DES.

    You did state netbios was not enabled. What is taking care of name resolution?

    Have you measured throughput across the tunnel...using something like Ixia?
     
  7. franki_hk

    franki_hk LI Guru Member

    The following are my RV042, RV042 VPN settings. I found that it is the optimal VPN setting, as I have a video streaming application between two sites.

    Hardware and Internet Links
    =====================
    Site A:
    RV042
    WAN 1: Dynamic IP 800K/8M
    WAN 2: Static IP 2M/2M

    Site B:
    RV042
    WAN 1: Dynamic IP 800K/8M
    WAN 2: Static IP 2M/2M

    Configuration
    ==========
    Using both WAN 2 of RV042 to setup the VPN tunnel:

    Site A:
    Local Group Setup
    -----------------
    Local Security Gateway Type: IP Only
    IP address: 210.x.x.1
    Local Security Group Type: Subnet
    IP address: 192.168.1.0
    Subnet Mask: 255.255.255.0

    Remote Group Setup
    -------------------
    Remote Security Gateway Type: IP Only
    IP address: 210.x.x.2
    Remote Security Group Type: Subnet
    IP address: 192.168.2.0
    Subnet Mask: 255.255.255.0

    IPSec Setup
    ------------
    Keying Mode: IKE with Preshared Key
    Phase1 DH Group: Group 1
    Phase1 Encryption: AES-128 (** It is more effective than DES. AES-128 is about 3 times faster than DES.)
    Phase1 Authentication: MD5
    Phase1 SA Life Time: 28800 seconds
    Perfect Forward Secrecy: Enable
    Phase2 DH Group: Group 1
    Phase2 Encryption: NULL (** It is useful for considering the VPN speed only.)
    Phase2 Authentication: MD5
    Phase2 SA Life Time: 3600 seconds
    Preshared Key: XXXXX

    Advanced
    ---------
    Compress (Support IP Payload Compression Protocol(IPComp)): Enable
    Keep-Alive: Enable
    Dead Peer Detection (DPD) Interval: 30 seconds

    Site B:
    Local Group Setup
    -----------------
    Local Security Gateway Type: IP Only
    IP address: 210.x.x.2
    Local Security Group Type: Subnet
    IP address: 192.168.2.0
    Subnet Mask: 255.255.255.0

    Remote Group Setup
    -------------------
    Remote Security Gateway Type: IP Only
    IP address: 210.x.x.1
    Remote Security Group Type: Subnet
    IP address: 192.168.1.0
    Subnet Mask: 255.255.255.0

    IPSec Setup
    ------------
    Keying Mode: IKE with Preshared Key
    Phase1 DH Group: Group 1
    Phase1 Encryption: AES-128 (** It is more effective than DES. AES-128 is about 3 times faster than DES.)
    Phase1 Authentication: MD5
    Phase1 SA Life Time: 28800 seconds
    Perfect Forward Secrecy: Enable
    Phase2 DH Group: Group 1
    Phase2 Encryption: NULL (** It is useful for considering the VPN speed only.)
    Phase2 Authentication: MD5
    Phase2 SA Life Time: 3600 seconds
    Preshared Key: XXXXX

    Advanced
    ---------
    Compress (Support IP Payload Compression Protocol(IPComp)): Enable
    Keep-Alive: Enable
    Dead Peer Detection (DPD) Interval: 30 seconds


    After heavy testing, the above configurations are quite safe, fast and suitable at my sites.

    Hope it is useful for you!
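
An added example, not part of the post above and not a Linksys/Cisco tool: a small Python check that parses a settings dump in the "Key: Value" form shown in that post and flags IPsec parameters that give up protection for speed. The policy table, function names and sample text are assumptions of this example; the key point it surfaces is that Phase 1 encryption only protects the IKE negotiation, so `Phase2 Encryption: NULL` leaves the tunnelled traffic itself unencrypted.

```python
import re

# Constructed sample: the IPSec Setup values quoted in the post above.
SAMPLE = """\
Keying Mode: IKE with Preshared Key
Phase1 DH Group: Group 1
Phase1 Encryption: AES-128 (** It is more effective than DES.)
Phase1 Authentication: MD5
Perfect Forward Secrecy: Enable
Phase2 DH Group: Group 1
Phase2 Encryption: NULL (** It is useful for considering the VPN speed only.)
Phase2 Authentication: MD5
"""

# Assumed policy for this example; adjust to your own baseline.
WEAK = {
    "Encryption": {"NULL": "no confidentiality, payload crosses the WAN in cleartext",
                   "DES": "56-bit key, within reach of brute force"},
    "Authentication": {"MD5": "deprecated, use a SHA-based option if offered"},
    "DH Group": {"Group 1": "768-bit MODP, too small for current use"},
}

def parse_settings(text):
    """Return {key: value} from 'Key: Value (** note)' lines, dropping the notes."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*?)\s*(?:\(\*\*.*\))?\s*$", line)
        if m and m.group(2):
            settings[m.group(1).strip()] = m.group(2)
    return settings

def audit(settings):
    """Return sorted (setting, value, reason) findings for weak parameters."""
    findings = []
    for key, value in settings.items():
        for suffix, bad in WEAK.items():
            if key.endswith(suffix) and value in bad:
                findings.append((key, value, bad[value]))
    return sorted(findings)

def payload_encrypted(settings):
    """Phase 2 (ESP) protects user traffic; Phase 1 only protects IKE itself."""
    return settings.get("Phase2 Encryption", "NULL").upper() != "NULL"

if __name__ == "__main__":
    cfg = parse_settings(SAMPLE)
    for setting, value, reason in audit(cfg):
        print(f"{setting} = {value}: {reason}")
    print("tunnel payload encrypted:", payload_encrypted(cfg))
```
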
     
  8. hibiki287

    hibiki287 LI Guru Member

    It's good to see that you can increase VPN performance between two RV0xx routers. Is it possible to increase file transfers when using the QuickVPN software?

    I am using an RV082 with firmware 1.3.3.5, and the latest QuickVPN client 1.1. Our transfer speed over VPN is painfully slow. My clients are on a DSL 768/6Mb connection and we are on a dual bonded T1 connection. Is it correct for me to assume that the max transfer rate is limited to 3/4 of the 768 that the client is on? Or does the QuickVPN slow it down even more?

    -Aziz
     
  9. netlinker

    netlinker LI Guru Member

    The wireless link option would in my opinion be the way to go. To improve security you can do three things:

    1. flash the WHR-HP with the DD-WRT Firmware. This will allow you to use WPA encryption over the WDS link. Works perfect for me!

    http://www.dd-wrt.com/wiki/index.php/Installation#Flashing_the_Buffalo_WHR-G54S_and_WHR-HP-G54

    I have never heard that it is possible to crack WPA encryption. But if you want to add additional layers of security you could:

    2. enable MAC filtering

    3. use the RV082 and RV042 to build a VPN tunnel over the wireless links instead of going over DSL and Cable
     
